PRIVACY POLICY
Following the implementation of the European regulation on the processing of personal data (Regulation EU 679/2016 – General Data Protection Regulation (GDPR)) and the relevant Italian legislation, the Data Controller recognizes the importance of personal data protection and its safeguarding as one of the main objectives of its activities. We therefore invite you to carefully read this information, as it contains all the necessary details for the protection of personal data. The processing of your personal data will be based on principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimization, accuracy, integrity, and confidentiality.
Data Controller of Personal Data
Fyonda S.r.l. located in Martano (LE), Via Don Minzoni 59, as the Data Controller, contact tel. +39 3337038352, email: privacy@fyonda.io/it, pursuant to the GDPR Regulation and the Privacy Code, informs you that it will process your personal data as follows.
Types of Data Collected
Navigation Data The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment. These data, necessary for the use of web services, are also processed for the purpose of:
- obtaining statistical information on the use of the services (most visited pages, number of visitors by time slot or daily, geographical areas of origin, etc.);
- checking the correct functioning of the services offered. Navigation data do not persist for more than seven days (except for any need to ascertain crimes by the Judicial Authority).
Data Provided by the User The optional, explicit, and voluntary sending of messages to the company’s contact addresses, private messages sent by users to the institutional profiles/pages on social media (where this possibility is provided), as well as the completion and submission of forms on the company’s websites, involve the acquisition of the sender’s contact data, necessary to respond, as well as all personal data included in the communications. Specific information will be published on the company’s websites’ pages set up for the provision of certain services.
Cookies and Other Tracking Systems No cookies are used for user profiling, nor are other tracking methods employed. Session cookies (non-persistent) are used strictly limited to what is necessary for safe and efficient navigation of the sites. The storage of session cookies on terminals or browsers is under the user’s control, whereas on the servers, at the end of HTTP sessions, information related to cookies remains recorded in the service logs, with retention times not exceeding seven days like other navigation data.
Methods, Recipients, and Place of Data Processing
The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. Processing is carried out within the European Union, using computer tools, with organizational methods and logics strictly related to the indicated purposes. In addition to the Data Controller, in some cases, other subjects involved in the organization of this website or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data, also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller. User Data is collected to allow the Data Controller to provide its Services, contact the User, manage contacts, and send messages.
Filling in Contact Forms on the Site
Data Processed: When a person decides to fill in the contact form on the Site, the Data Controller may collect the following categories of personal data relating to him/her: name, surname, email address, and phone number.
Purpose of Processing: The data collected under this paragraph will be collected and processed to allow an interested party to send a request.
Legal Basis: The legal basis on which the processing described in this paragraph is based is the necessity to fulfill a request, pursuant to art. 6, para. 1, letter b) GDPR.
Necessity of Data Provision: The provision of the data mentioned in this paragraph is necessary and, in its absence, it will not be possible to proceed with the request.
Retention Period: The Data Controller will process personal data for the time strictly necessary to fulfill the purposes mentioned above, in compliance with the principles of data minimization and storage limitation under art. 5, para. 1, letters c) and e) GDPR.
Marketing Activities
Data Processed: Personal data provided by a user through the Site: name, surname, email address, phone number.
Purpose of Processing: The Data Controller may process the personal data mentioned in this paragraph for marketing activities, sending promotional newsletters, and sending advertising material related to products and/or services of the Data Controller, also by automated means, such as email.
Legal Bases of Processing: The legal bases on which the processing of personal data for direct marketing purposes is based is consent (art. 6, para. 1, letter a) GDPR). Interested parties may object, at any time, to the processing of their personal data for such purposes in the following ways:
- Revoking marketing consent: by writing an email to privacy@fyonda.io/it
- Unsubscribing from a newsletter: by clicking on the appropriate link located at the bottom of each newsletter.
Necessity of Data Provision: The provision of the data referred to in this paragraph, as well as the granting of consent for their processing where necessary, is optional.
Data Retention: Data processed for direct marketing purposes will be retained for a period of three years from their provision and the granting of consent for their processing, where required. At the end of this period, the renewal of consent for the processing of such data will be requested. The possibility of extending the aforementioned retention period is reserved if necessary to comply with a legal obligation placed on the Data Controller or to protect a right of the Data Controller before a competent authority.
Retention Period
Data will be retained on paper and/or computer media for the duration of the contractual relationship and upon its termination for the periods provided by current accounting and tax regulations, as well as in the event of disputes or litigation for the limitation periods of the rights exercised in such contexts. Once these reasons for processing have ceased, the Data will be deleted, destroyed, or simply retained in anonymous form. With reference to the processing of Data for Direct Marketing purposes, the Data will be retained by the Company during the contractual period until the Customer revokes consent and after the termination of the contract for an additional period of two years, from the date of interruption of the relationship or in any case from the last communication sent to the Customer.
Rights of the Data Subject and Right to Lodge a Complaint with the Supervisory Authority
As a Data Subject, you may, at any time, send a communication to the Data Controller to exercise your rights under Articles 15 to 22 of Regulation EU 2016/679, including:
- Revocation of consent;
- Access to personal data;
- Rectification of personal data;
- Erasure (so-called right to be forgotten) of personal data;
- Restriction of personal data processing;
- Objection to personal data processing;
- Data portability (where applicable).
You have the right to lodge a complaint with the Data Protection Authority and/or another competent supervisory authority if you believe that your rights have been violated by the Data Controller and/or a third party (Data Protection Authority – www.garanteprivacy.it). The Data Controller of your personal data is Fyonda S.r.l. Email: privacy@fyonda.io/it PEC: fyonda@pec.it. The rights mentioned above can be exercised by contacting the indicated references.
Further Information on Processing
Defense in Court The User’s Personal Data may be used by the Data Controller in court or in the preparatory stages of its possible establishment for the defense against abuses in the use of this Website or related Services by the User. The User declares to be aware that the Data Controller may be obliged to reveal the Data by order of public authorities.
Specific Information Upon the User’s request, in addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information regarding specific Services or the collection and processing of Personal Data. Further information regarding the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.
System Logs and Maintenance For operational and maintenance purposes, this Website and any third-party services used by it may collect system logs, which are files that record interactions and may also contain Personal Data, such as the User’s IP address.
Changes to this Privacy Policy The Data Controller reserves the right to make changes to this privacy policy. Therefore, please consult this page regularly. If the changes concern processing whose legal basis is consent, the Data Controller will re-collect the User’s consent if necessary.
Legal References This privacy policy is drafted based on multiple legislative systems, including Articles 13 and 14 of Regulation (EU) 2016/679. Unless otherwise specified, this privacy policy relates exclusively to this Website.